Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2025-04-01 CVE-2025-2237 The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26.
network
low complexity
CWE-269
critical
9.8
2025-03-14 CVE-2025-2232 Improper Privilege Management vulnerability in Purethemes Realteo 1.2.4
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8.
network
low complexity
purethemes CWE-269
critical
9.8
2025-03-14 CVE-2024-13376 The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8.
network
low complexity
CWE-269
8.8
2025-03-11 CVE-2025-21199 Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.
local
high complexity
CWE-269
6.7
2025-03-08 CVE-2025-0177 Improper Privilege Management vulnerability in Javothemes Javo Core
The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080.
network
low complexity
javothemes CWE-269
critical
9.8
2025-03-08 CVE-2024-13835 Improper Privilege Management vulnerability in Wpexpertplugins Post Meta Data Manager
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3.
network
low complexity
wpexpertplugins CWE-269
7.2
2025-03-05 CVE-2024-11951 The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0.
network
low complexity
CWE-269
critical
9.8
2025-03-05 CVE-2024-12281 The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2.
network
low complexity
CWE-269
critical
9.8
2025-02-27 CVE-2024-2297 Improper Privilege Management vulnerability in Bricksbuilder Bricks
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1.
network
low complexity
bricksbuilder CWE-269
8.8
2025-02-27 CVE-2025-1295 The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7.
network
low complexity
CWE-269
8.8